CN108989336A - Emergency disposal system and emergency disposal method for network security event - Google Patents

Publication number
CN108989336A
Authority
CN
China
Prior art keywords
event
module
tool
network safety
emergency disposal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810944468.4A
Other languages
Chinese (zh)
Other versions
CN108989336B (en)
Inventor
王勇
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201810944468.4A
Publication of CN108989336A
Application granted
Publication of CN108989336B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The present invention relates to an emergency disposal system and an emergency disposal method for network security events. The system includes a data acquisition module, an event management module, an event disposal module, an auxiliary tool module and an expert knowledge base module. The basic information of the network security event is entered and a security check is performed with the auxiliary tool module; the data acquisition module collects information; implanted files are located with the auxiliary tool module and entered into the system; the event disposal module analyzes them to obtain a clue tree and attacker information; the analysis result is confirmed against the information in the expert knowledge base module; the nature of the event is determined, rectification suggestions are produced and an event disposal report is provided; finally, rectification is carried out. The invention establishes a standard emergency disposal process for network security events and standardizes the means and manner of event disposal, which improves disposal efficiency, keeps the harm from spreading and reduces economic loss. It integrates information collection, analysis and rectification, analyzes automatically, generates rectification suggestions and reports, and retains disposal results so that they are easy to consult.

Description

Emergency disposal system and emergency disposal method for network security events
Technical field
The present invention relates to the technical field of data switching networks, and in particular to an emergency disposal system and an emergency disposal method for network security events that make the emergency disposal of such events process-based and systematic.
Background art
Today the Internet has reached considerable scale. It has changed the way people study, work and live ever more profoundly, and even affects the course of society as a whole. Internet applications are diversifying, and the number of Internet users continues to grow rapidly and steadily.
At present, China's network security situation is increasingly severe and complex; network security events are becoming more complicated and attack methods more varied. Enterprises and organizations are often helpless in the face of this and can only passively add firewalls and anti-virus and anti-trojan systems, which cannot handle the problems effectively or in time.
In the prior art, discussion of network security events concentrates on the analysis stage and says little about the emergency disposal stage. In practice, the emergency disposal of network security events is usually carried out manually and is strongly affected by individual factors, specifically:
1. The efficiency of manual disposal is unstable and fluctuates;
2. The manual disposal process is not uniform;
3. It is time-consuming, and disposal reports and disposal suggestions cannot be generated automatically;
4. Disposal results are inaccurate and are not easy to manage.
Together, these lead to unstable emergency disposal efficiency, a non-uniform disposal process and inaccurate disposal results for network security events.
Summary of the invention
The technical problem solved by the present invention is that, in the prior art, the emergency disposal stage of network security events is not standardized or unified, which leads to unstable emergency disposal efficiency, a non-uniform disposal process and inaccurate disposal results. To this end, the present invention provides an optimized emergency disposal system and emergency disposal method for network security events.
The technical solution adopted by the present invention is an emergency disposal system for network security events, the system comprising:
a data acquisition module for acquiring data,
an event management module for the integrated management of event information,
an event disposal module for the analysis and display of events,
a disposal conclusion module for determining the nature of the event and providing rectification suggestions and a disposal report,
an auxiliary tool module, and an expert knowledge base module for providing support for event analysis and vulnerability verification.
Preferably, the data acquired by the data acquisition module includes website source code, operating system logs, website web access logs and middleware log information.
Preferably, in the event disposal module, the analysis of an event includes automatic analysis and manual analysis.
Preferably, in the event disposal module, the display of an event includes analysis result display and clue display.
Preferably, the auxiliary tool module includes a vulnerability verification tool for verifying whether vulnerabilities exist in a target object and a virus and trojan detection tool for detecting whether a backdoor exists in the target object; the auxiliary tool module further includes a log analysis tool, a log splitting tool and a file rescue tool.
Preferably, the vulnerability verification tool includes a system vulnerability verification tool, a website vulnerability verification tool, a database vulnerability verification tool and an SQL injection verification tool.
Preferably, the virus and trojan detection tool includes a virus detection tool, a trojan detection tool and a malicious code detection tool.
An emergency disposal method using the emergency disposal system for network security events, the method comprising the following steps:
Step 1: enter the basic information of the network security event and perform a security check using the auxiliary tool module;
Step 2: the data acquisition module collects information including website source code, operating system logs, website web access logs and middleware logs, and the auxiliary tool module is used to check for viruses, trojans and malicious code and to locate implanted virus files, trojan files and WebShell files;
Step 3: the virus files, trojan files and WebShell files that were found are entered into the emergency disposal system as initial clues; the event disposal module analyzes them and obtains a clue tree and attacker information;
Step 4: the analysis result of step 3 is confirmed manually against the information in the expert knowledge base module; if it is confirmed to be correct, proceed to the next step, otherwise return to step 3;
Step 5: according to the clue tree and the attacker information obtained, the disposal conclusion module determines the nature of the event, produces rectification suggestions and provides an event disposal report;
Step 6: rectification.
Preferably, in step 1, the security check includes verification of system vulnerabilities, website vulnerabilities and database vulnerabilities.
Preferably, in step 6, rectification means that, based on the rectification suggestions and the event report, the auxiliary tools are used to complete website cleanup, system recovery and vulnerability hardening.
The present invention provides an optimized emergency disposal system and emergency disposal method for network security events. The system is composed of a data acquisition module for acquiring data, an event management module for managing event information, an event disposal module for analyzing and displaying events, an auxiliary tool module, and an expert knowledge base module that supports event analysis and vulnerability verification. These parts are closely linked: a security check is performed on the entered event, event information is collected, scanned and checked, a clue tree and attacker information are obtained through association analysis, and finally rectification is carried out.
The system of the invention establishes a standard emergency disposal process for network security events and standardizes the means and manner of event disposal. This effectively improves the efficiency of the personnel handling the event, keeps the harm of the event from spreading and reduces the economic loss to the company or organization.
The beneficial effects of the present invention are:
(1) the invention integrates information collection, analysis and rectification, and standardizes the emergency disposal process for network security events;
(2) the invention analyzes automatically and automatically generates rectification suggestions and reports, reducing the influence of human involvement on objectivity;
(3) the disposal results of the invention can be retained in the system in the form of database files, so that they are convenient to consult later.
Detailed description
The present invention is described in further detail below with reference to an embodiment, but the scope of protection of the present invention is not limited thereto.
The present invention relates to an emergency disposal system for network security events, the system comprising:
a data acquisition module for acquiring data,
an event management module for the integrated management of event information,
an event disposal module for the analysis and display of events,
a disposal conclusion module for determining the nature of the event and providing rectification suggestions and a disposal report,
an auxiliary tool module, and an expert knowledge base module for providing support for event analysis and vulnerability verification.
The data acquired by the data acquisition module includes website source code, operating system logs, website web access logs and middleware log information.
In the event disposal module, the analysis of an event includes automatic analysis and manual analysis.
In the present invention, the internal logic of the automatic analysis takes several forms:
(1) the collected event information is sorted and matched against the entered initial clues, such as information related to virus files, trojan files and WebShell files; the matched information is sorted and fed back to the emergency disposal system;
(2) the collected event information is sorted and matched against attack signatures of all kinds, such as SQL injection attack signatures, XSS attack signatures and WebShell signatures, and against other features, such as Struts2 vulnerability signatures, sensitive website files and sensitive keywords; the matched information is sorted and fed back to the emergency disposal system;
(3) further association analysis is carried out on the other clues fed back by the emergency disposal system, and the result is fed back to the emergency disposal system.
In the present invention, as an example of automatic analysis, assume the collected information includes web logs. The automatic analysis then matches the XSS attack signature [attackRule=(S) %3C (S+) %3E | (S) %3C (S+) %2F%3E | (S+)<(S+)>| (S+)<(S+)/>| onerror | onmouse | expression | " | alert | document | prompt (]) against the web logs to identify whether they contain traces of XSS attacks. Any trace found is labelled as an XSS attack; after all information has been labelled, classification statistics are compiled and fed back to the emergency disposal system.
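The automatic analysis described above (signature matching, labelling, classification statistics, and association analysis starting from an initial clue), sketched as an added example that is not code from the patent. The signature patterns, the sample log lines and the WebShell path `/upload/img/shell.jsp` are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines; the IPs come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Aug/2018:10:01:02 +0800] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
198.51.100.23 - - [19/Aug/2018:10:02:10 +0800] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [19/Aug/2018:10:03:44 +0800] "GET /item?id=1%20UNION%20SELECT%20name,pass%20FROM%20users HTTP/1.1" 200 734
203.0.113.7 - - [19/Aug/2018:10:05:00 +0800] "POST /upload/img/shell.jsp HTTP/1.1" 200 17
192.0.2.50 - - [19/Aug/2018:10:06:30 +0800] "GET /profile?name=%3Cimg%20src=x%20onerror=prompt(1)%3E HTTP/1.1" 200 300
198.51.100.23 - - [19/Aug/2018:10:07:00 +0800] "GET /docs/alert-policy.html HTTP/1.1" 200 2048
"""

# Assumed initial clue: path of a WebShell file located in step 2 (constructed).
INITIAL_CLUES = ["/upload/img/shell.jsp"]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Illustrative signatures (assumptions, not the patent's rule). They run on the
# URL-decoded request, so %3C...%3E and a literal <...> hit the same pattern.
SIGNATURES = {
    "xss": re.compile(
        r"<[^>]*>|\bon(?:error|mouse\w+)\s*=|\b(?:alert|prompt)\s*\("
        r"|document\.(?:cookie|write)", re.I),
    "sqli": re.compile(r"\bunion\s+(?:all\s+)?select\b|\bor\s+1\s*=\s*1\b", re.I),
}

# Bare keywords, like the keyword alternatives printed in the page's rule.
LOOSE_XSS = re.compile(r"alert|document|prompt", re.I)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, time, method, url, status = m.groups()
    return {"ip": ip, "time": time, "method": method, "url": url,
            "status": int(status), "decoded": unquote(url),
            "path": unquote(url.split("?", 1)[0])}


def parse_log(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def label(entry, initial_clues):
    """Forms (1) and (2): match initial clues and attack signatures."""
    labels = [name for name, rx in SIGNATURES.items()
              if rx.search(entry["decoded"])]
    if entry["path"] in initial_clues:
        labels.append("initial_clue")
    return labels


def analyze(log_text, initial_clues):
    """Label every entry, compile statistics, and build a clue tree:
    initial clue -> IPs that touched it -> everything those IPs requested."""
    entries = parse_log(log_text)
    stats = Counter()
    for e in entries:
        e["labels"] = label(e, initial_clues)
        stats.update(e["labels"])
    tree = {}
    for clue in initial_clues:
        # Form (3): association analysis pivoting on the source IP.
        ips = sorted({e["ip"] for e in entries if e["path"] == clue})
        tree[clue] = {ip: [(e["time"], e["url"], e["labels"])
                           for e in entries if e["ip"] == ip]
                      for ip in ips}
    return stats, tree


def loose_hits(log_text):
    """Count entries flagged by bare keywords, to compare false positives."""
    return sum(1 for e in parse_log(log_text)
               if LOOSE_XSS.search(e["decoded"]))


if __name__ == "__main__":
    stats, tree = analyze(SAMPLE_LOG, INITIAL_CLUES)
    print(dict(stats))
    for clue, by_ip in tree.items():
        print(clue)
        for ip, requests in by_ip.items():
            print("  ", ip)
            for time, url, labels in requests:
                print("     ", time, url, labels)
    print("bare-keyword hits:", loose_hits(SAMPLE_LOG))
```

The bare-keyword pattern also flags the benign `/docs/alert-policy.html` request, which is why the sketch anchors keywords to call or attribute syntax before labelling a line as XSS.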
In the present invention, the logic of manual analysis takes several forms:
(1) the automatic analysis feeds back to the disposal system data that has been sorted but not analyzed; disposal personnel can analyze this data manually and perform operations such as searching, marking and defining certain information as clues;
(2) the results fed back by the automatic analysis are analyzed again; for example, if the automatic analysis has fed back 5000 records related to 100 vulnerabilities, disposal personnel can analyze these 5000 records again;
(3) clues defined by disposal personnel can be used to filter the sorted but unanalyzed data that the automatic analysis has fed back to the disposal system and to look for associations; this can also be handed over to the automatic analysis to complete.
In the present invention, as an example of manual analysis, suppose the automatic analysis feeds back 150w (1.5 million) sorted records to the disposal system. Disposal personnel can filter the 150w records, query them with query conditions they set themselves, mark records, or select records and add them to clues (custom clues, key clues). The records added to clues can then be used to search the 150w records for associated data, or be handed to the automatic analysis engine for in-depth analysis.
In the event disposal module, the display of an event includes analysis result display and clue display.
The auxiliary tool module includes a vulnerability verification tool for verifying whether vulnerabilities exist in a target object and a virus and trojan detection tool for detecting whether a backdoor exists in the target object; the auxiliary tool module further includes a log analysis tool, a log splitting tool and a file rescue tool.
The vulnerability verification tool includes a system vulnerability verification tool, a website vulnerability verification tool, a database vulnerability verification tool and an SQL injection verification tool.
The virus and trojan detection tool includes a virus detection tool, a trojan detection tool and a malicious code detection tool.
In the present invention, the event information managed by the event management module includes basic information and personnel information. The basic information includes the organization, system name, filing number, filing level, website domain name, IP address, operating system name and version, middleware name and version, database name and version, the technologies involved in the system framework, the website's service content, and so on. The personnel information includes the organization, name, contact details, post, and so on, of the personnel of the unit involved in the event, the development unit and the operations and maintenance unit, and of the disposal personnel. The event management module provides functions to display, enter, modify and delete this basic information and personnel information, and so serves as integrated management.
In the present invention, among the content collected by the data acquisition module, middleware is an independent piece of system software or a service program that supports access to the web site.
In the present invention, the clues shown by clue display in the event disposal module are all the valuable information that serves the purpose of finding the attacker's IP, such as IPs, accessed URLs, picture names, picture times and web page titles.
In the present invention, clues can be entered manually or obtained through automatic analysis. Clue types include automatic-analysis clues pushed by the automatic analysis engine, custom clues defined by the disposal personnel themselves, key clues produced by automatic analysis and marked by disposal personnel, single clues that contain only one clue, and compound clues that contain multiple clues with a certain relationship between them.
In the present invention, the system vulnerability verification tool, website vulnerability verification tool, database vulnerability verification tool, SQL injection verification tool, virus detection tool, trojan detection tool, malicious code detection tool, log analysis tool, log splitting tool, file rescue tool and so on are auxiliary tools in common use in the art, and those skilled in the art can set them up as required.
An emergency disposal method using the emergency disposal system for network security events, the method comprising the following steps.
Step 1: enter the basic information of the network security event and perform a security check using the auxiliary tool module.
In step 1, the security check includes verification of system vulnerabilities, website vulnerabilities and database vulnerabilities.
Step 2: the data acquisition module collects information including website source code, operating system logs, website web access logs and middleware logs, and the auxiliary tool module is used to check for viruses, trojans and malicious code and to locate implanted virus files, trojan files and WebShell files.
In the present invention, step 2 avoids the under-collection, missed collection and mis-collection caused by manual operation.
Step 3: the virus files, trojan files and WebShell files that were found are entered into the emergency disposal system as initial clues; the event disposal module analyzes them and obtains a clue tree and attacker information.
Step 4: the analysis result of step 3 is confirmed manually against the information in the expert knowledge base module; if it is confirmed to be correct, proceed to the next step, otherwise return to step 3.
In the present invention, steps 3 and 4 combine automatic analysis with manual analysis, which speeds up the analysis of the event.
Step 5: according to the clue tree and the attacker information obtained, the disposal conclusion module determines the nature of the event, produces rectification suggestions and provides an event disposal report.
Step 6: rectification.
In step 6, rectification means that, based on the rectification suggestions and the event report, the auxiliary tools are used to complete website cleanup, system recovery and vulnerability hardening.
In the present invention, the disposal suggestions and disposal report obtained on the basis of step 6 reduce the time spent manually compiling disposal suggestions and disposal reports and speed up disposal.
The system of the present invention is composed of a data acquisition module for acquiring data, an event management module for managing event information, an event disposal module for analyzing and displaying events, an auxiliary tool module, and an expert knowledge base module that supports event analysis and vulnerability verification. These parts are closely linked: a security check is performed on the entered event, event information is collected, scanned and checked, a clue tree and attacker information are obtained through association analysis, and finally rectification is carried out.
The system of the invention establishes a standard emergency disposal process for network security events and standardizes the means and manner of event disposal. This effectively improves the efficiency of the personnel handling the event, keeps the harm of the event from spreading and reduces the economic loss to the company or organization. The invention integrates information collection, analysis and rectification and standardizes the emergency disposal process for network security events; it analyzes automatically and automatically generates rectification suggestions and reports, reducing the influence of human involvement on objectivity; and the disposal results can be retained in the system in the form of database files, so that they are convenient to consult later.

Claims (10)

1. An emergency disposal system for network security events, characterized in that the system comprises:
a data acquisition module for acquiring data,
an event management module for the integrated management of event information,
an event disposal module for the analysis and display of events,
a disposal conclusion module for determining the nature of the event and providing rectification suggestions and a disposal report,
an auxiliary tool module, and an expert knowledge base module for providing support for event analysis and vulnerability verification.
2. The emergency disposal system for network security events according to claim 1, characterized in that the data acquired by the data acquisition module includes website source code, operating system logs, website web access logs and middleware log information.
3. The emergency disposal system for network security events according to claim 1, characterized in that, in the event disposal module, the analysis of an event includes automatic analysis and manual analysis.
4. The emergency disposal system for network security events according to claim 1, characterized in that, in the event disposal module, the display of an event includes analysis result display and clue display.
5. The emergency disposal system for network security events according to claim 1, characterized in that the auxiliary tool module includes a vulnerability verification tool for verifying whether vulnerabilities exist in a target object and a virus and trojan detection tool for detecting whether a backdoor exists in the target object, and the auxiliary tool module further includes a log analysis tool, a log splitting tool and a file rescue tool.
6. The emergency disposal system for network security events according to claim 5, characterized in that the vulnerability verification tool includes a system vulnerability verification tool, a website vulnerability verification tool, a database vulnerability verification tool and an SQL injection verification tool.
7. The emergency disposal system for network security events according to claim 5, characterized in that the virus and trojan detection tool includes a virus detection tool, a trojan detection tool and a malicious code detection tool.
8. An emergency disposal method using the emergency disposal system for network security events according to any one of claims 1 to 7, characterized in that the method comprises the following steps:
Step 1: enter the basic information of the network security event and perform a security check using the auxiliary tool module;
Step 2: the data acquisition module collects information including website source code, operating system logs, website web access logs and middleware logs, and the auxiliary tool module is used to check for viruses, trojans and malicious code and to locate implanted virus files, trojan files and WebShell files;
Step 3: the virus files, trojan files and WebShell files that were found are entered into the emergency disposal system as initial clues; the event disposal module analyzes them and obtains a clue tree and attacker information;
Step 4: the analysis result of step 3 is confirmed manually against the information in the expert knowledge base module; if it is confirmed to be correct, proceed to the next step, otherwise return to step 3;
Step 5: according to the clue tree and the attacker information obtained, the disposal conclusion module determines the nature of the event, produces rectification suggestions and provides an event disposal report;
Step 6: rectification.
9. The emergency disposal method according to claim 8, characterized in that, in step 1, the security check includes verification of system vulnerabilities, website vulnerabilities and database vulnerabilities.
10. The emergency disposal method according to claim 8, characterized in that, in step 6, rectification means that, based on the rectification suggestions and the event report, the auxiliary tools are used to complete website cleanup, system recovery and vulnerability hardening.
CN201810944468.4A 2018-08-19 2018-08-19 Emergency disposal system and emergency disposal method for network security event Active CN108989336B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810944468.4A CN108989336B (en) 2018-08-19 2018-08-19 Emergency disposal system and emergency disposal method for network security event

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810944468.4A CN108989336B (en) 2018-08-19 2018-08-19 Emergency disposal system and emergency disposal method for network security event

Publications (2)

Publication Number Publication Date
CN108989336A true CN108989336A (en) 2018-12-11
CN108989336B CN108989336B (en) 2021-09-28

Family

ID=64553383

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810944468.4A Active CN108989336B (en) 2018-08-19 2018-08-19 Emergency disposal system and emergency disposal method for network security event

Country Status (1)

Country Link
CN (1) CN108989336B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102594783A (en) * 2011-01-14 2012-07-18 中国科学院软件研究所 Network security emergency responding method
US20120258437A1 (en) * 2011-04-08 2012-10-11 Wombat Security Technologies, Inc. Context-aware training systems, apparatuses, and methods
CN103905237A (en) * 2012-12-28 2014-07-02 中国电信股份有限公司 Telecom exchange network management system and management method
CN104766166A (en) * 2015-03-27 2015-07-08 杭州安恒信息技术有限公司 Grade-protection-oriented information system security compliance check method
CN106339439A (en) * 2016-08-22 2017-01-18 成都众易通科技有限公司 Big data analysis method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324308A (en) * 2019-05-17 2019-10-11 国家工业信息安全发展研究中心 Network security emergency disposal system
CN110493188A (en) * 2019-07-12 2019-11-22 中国电子科技集团公司电子科学研究院 A kind of method, relevant apparatus and storage medium handling network safety event
CN111614696A (en) * 2020-06-02 2020-09-01 深圳供电局有限公司 Network security emergency response method and system based on knowledge graph
CN111614696B (en) * 2020-06-02 2022-11-18 深圳供电局有限公司 Network security emergency response method and system based on knowledge graph
CN113824745A (en) * 2021-11-24 2021-12-21 武汉大学 Network safety emergency disposal system based on recurrent neural network model

Also Published As

Publication number Publication date
CN108989336B (en) 2021-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant